On 10/14/2010 10:17 AM, John R. Levine wrote:
> I don't see anyone proposing a deep dive into 5322 validation. But 4871
> already says you MUST sign the From: header. Why is that OK, but saying
> you MUST NOT sign or validate something with two From: headers is not?
> We're not suggesting anything that would invalidate existing bits on the
> wire, after all.
>
> DKIM is full of layer violations where it tells people how to sign and
> verify robustly.

Protocol specifications should require all of the actions that are essential to correct operation and none of the actions that are not.

A DKIM signature verifies or it doesn't. It delivers a signing domain or it doesn't. What is essential is that it perform the task of validating and delivering a signing domain that is associated with a collection of bits.

Anything that defines how to do this is essential. Anything that can make this break needs to be covered, especially if there are ways to protect against the breakage.

Perhaps surprisingly, having redundant header fields does not make DKIM break. And it is an issue outside of DKIM and, therefore, need not be "protected against" by DKIM.

Also surprisingly, the same holds for more general message conformance checking. The checking does not make DKIM work, and it does not make it work better or worse. So it isn't needed.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net